Apple asks for Mac OS security help as Kaspersky CTO describes the platform as ‘really vulnerable’

mac-flashback-virusThe discovery last month that some 600,000 Mac computers worldwide were infected with the Flashback malware must have come as a big embarrassment for Apple.

The company’s Mac OS operating system has for the most part managed to escape the attentions of malicious programmers over the years, though in recent times – due partly to its growing user base – it has become of increasing interest to such programmers.

With a report on Monday that Apple is now seeking the help of computer security firm Kaspersky to strengthen Mac OS security, it appears the Cupertino company is finally waking up to the reality that its operating system could be far more vulnerable to attacks than first thought.

In the Computing report, Kaspersky’s chief technology officer Nikolai Grebennikov went so far as to describe the Mac OS platform as “really vulnerable.”

Confirming that Apple had recently invited Kaspersky to help improve the security of Mac OS, Grebennikov said, “We’ve begun an analysis of its vulnerabilities, and the malware targeting it.”

He went on to express the view that up to now the company had failed to take the issue of security seriously. “Our first investigations show Apple doesn’t pay enough attention to security,” he said.

Grebennikov highlighted his point by explaining how slow Apple were in responding to a known security issue with Java, which Flashback exploited.

“Oracle closed a vulnerability in Java, which was a target for a major botnet several months ago,” he said.

“Apple blocked Oracle from updating Java on Mac OS, and they perform all the updates themselves. They only released the patch a few weeks ago – two or three months after the Oracle patch. That’s far too long.”

Grebennikov said that the discovery of the malware by the security community was a “huge sign” that Apple’s security model is flawed.

He went on to tell Computing that while up to now no iOS-specific malware has been spotted, he believes that over the next 12 months he wouldn’t be surprised to see Apple’s mobile devices, such as the iPhone and iPad, also becoming infected by malware.

“Our experience tells us that in the near future, perhaps in a year or so, we will see the first malware targeting iOS,” Grebennikov said.

With millions of iPhones and iPads already in the hands of consumers, you’d like to think that Apple is working flat out to bolster the security of not only its Mac OS platform, but also its mobile operating system. Let’s wait and see if Grebennikov is proved right on this one.